Hackers have sought to exploit the novel coronavirus to spread chaos, make money and build political advantage. The trends show a variety of ways bad actors are using this particular global moment to their advantage.
Even as government agencies around the world stretch themselves thin to battle the novel coronavirus, they have also had to defend themselves against an apparent surge in interest from hackers.
With a large uptick in government telework, the fear and anxiety surrounding cyberattacks have risen, and reports from state and federal authorities consistently indicate hackers are trying to take advantage of the current chaos for their own gain.
At the same time, in certain areas where experts had predicted catastrophic effects, recent reports have shown that those concerns may have been overblown. Here's a rundown of the current trends and the ways hackers are targeting governments as the COVID-19 crisis continues to unfold.
As joblessness has climbed at an alarming rate, unemployment benefit websites have apparently become major targets for hackers.
"Attackers, whether cybercriminals or nation-state adversaries, are always looking for stress points and cybervulnerabilities," said Marcus Fowler, director of strategic threat at Darktrace, whose company recently published research on this trend. "The current global disruption and implosion of what was once normal is exposing, and at times even creating, new stress points and attack opportunities."
Fowler, a former CIA agent with a background in cybersecurity and data analysis, said that benefit websites have become one such stress point. Their increased political importance paired with a lack of cyber-readiness makes them appealing targets.
"Every government is suddenly having to manage massive unemployment spikes and an unprecedented number of benefits sign-ups as COVID-19 disrupts economies around the world. U.S. unemployment application numbers have reached over 26 million. Just this week, Reuters has reported that millions of Americans have been completely locked out of U.S. unemployment sites," said Fowler.
"Previously, these sites were not as critical to countries’ ability to move forward as they are today. This likely means they also were not resourced adequately from a cybersecurity standpoint. Much like the saying 'you don’t start digging the well when you are thirsty,' you want to avoid trying to scale up security only after your site has become a target," he said.
Some experts are warning that schools may become one of the biggest public-sector targets for hackers during the outbreak. Earlier this month, the FBI warned that remote education platforms were targets for hackers, and numerous schools have reported incidents in recent weeks, as the flood of "zoombombing" reports shows.
Schools have traditionally been a target because of poor cybersecurity staffing and training. Some 350 K-12 breaches were reported during FY19 alone, a number that could grow given the circumstances, said James Yeager, CrowdStrike's public sector expert. Schools may be particularly susceptible to social engineering attacks, which have risen in prominence since COVID-19, he said.
"Ed tech is at risk of falling victim to these schemes, as students and/or parents may click on a link thinking it’s a virtual classroom or some other method of electronic curriculum when instead it’s a cybercriminal attempting to gain login credentials," said Yeager.
Not all the cybernews is bad, however. As odd as it might seem, successful ransomware attacks on municipal entities have actually "taken a nosedive" since the coronavirus outbreak, said Brett Callow, threat analyst with Emsisoft.
A precipitous drop in successful attacks on health care, education and other government entities marked the first quarter of 2020, Emsisoft research shows. Of those, schools are being hit the hardest, but overall numbers for entities are down across the board since this time last year.
"Despite COVID-19 and WFH [work-from-home], or, more accurately, because of them, the number of successful ransomware attacks on the U.S. public sector, including health care, has declined significantly. In fact, the number of incidents has reduced to a level that we have not seen for several years," Callow said, explaining that with entities reducing their organizational footprint, they may be effectively reducing the attack surface.
However, this doesn't mean that you can't still get hit, as is evident from recent events involving the city of Torrance, Calif., which was struck by DoppelPaymer ransomware in January and is now having its stolen data leaked online.
Also, the Emsisoft report notes, this relief is "only temporary," and successful attack levels are likely to revert to normal once society returns to normal. Callow warned of an "uptick" in successful attacks in the coming weeks.